End to End Encryption (E2EE) A Complete Guide

I hope you have noticed that few days Back WhatsApp have introduced End to End Encryption (E2EE)

You may Also Get this type of Text while sending or receiving messages

Ever Wonder Why so and What the is this ??

Let me explain you 😊

By the name End to End Encryption (E2EE) may you guessed It may include two ends and something like that

Right !!

Yes your right

End to End Encryption (E2EE) is an arrangement of communication where only the people are communicating can read the messages.

Means Suppose we are chatting so no other person can access the cryptographic keys to decrypt our conversation including Telecom partner too !!

In End to End Encryption (E2EE) Surveillance and tampering is not possible because no third party can decipher the data being communicated or stored !!

Why WhatsApp Have Introduced End to End Encryption (E2EE) and need for this ?

Some of our most personal moments are shared with WhatsApp, which is why WhatsApp built end-to-end encryption into the latest versions of their app.

When end-to-end encrypted, our messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hand.

Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp.

This is because the messages will be secured with a lock, and only the recipient and you will have the unique key which can unlock the chat and you can read it 🙂

For additional protection, every message you send has its unique lock and key. All these happen automatically, no need to turn on settings or set up special secret chats to secure your messages.

Just like our messages, WhatsApp calls are end-to-end encrypted so WhatsApp and third parties can’t listen to them.

Our messages should be in our hands. That’s why WhatsApp doesn’t store our messages on their servers once they deliver them, WhatsApp and other third parties cannot be able to read them

Man-in-the-Middle attacks

End-to-end encryption ensures that data is transferred securely between end points.

Rather than trying to break the encryption, a hearer may imitate message recipient (during the key exchange ), so that messages are encrypted with a key known to the attacker

After decrypting the message, the snoop can then encrypt it with a key that she shares with the actual recipient or his public key in case of asymmetric systems, and send the message on again to avoid detection. This is known as a man-in-the-middle attack.

This is the most common way that attackers use to break the security !!

Most end-to-end encryption protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, one could rely on certification authorities or webs of trust.

An alternative technique is to generate cryptographic hashes (fingerprints) based on the communicating user’s public keys or shared secret keys.

The parties compare their fingerprints using an off-brand communication channel that guarantees integrity and authenticity of communication (but not necessarily secrecy), before starting their conversation. If the fingerprints match, there is in theory, no man in the middle.

Conclusion

The end-to-end encryption model does not directly address risks at the send communication points themselves. Each users’ computer can still be hacked to steal his or her cryptographic key (to create an MITM attack) or only read the recipients’ decrypted messages.

Even the most perfectly encrypted communication pipe is only as secure as the mailbox on the other end.

Hope you know that Apple is using E2EE for a long time then WhatsApp joined the creed now Viber has also encrypted their server with E2EE.